security-tools/sigma-rules
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
b2bc6021f2cc9902e51220839afb40e0de827351
sigma-rules/detection_rules
T
History
Terrance DeJesus d2791bf29a [New Rule] Toolshell Exploit Chain Detections (#4928) 
* adding toolshell attack chain rules for exploit and RCE

* updated query

* added references

* fixed references; linted

* Update rules/network/execution_potential_rce_via_toolshell.toml

Co-authored-by: Mika Ayenson, PhD <Mikaayenson@users.noreply.github.com>

* Update rules/network/initial_access_potential_toolshell_exploit_attempt.toml

Co-authored-by: Jonhnathan <26856693+w0rk3r@users.noreply.github.com>

* changed to BBR; lowered severity; adjusted queries

* Update rules_building_block/execution_potential_rce_via_toolshell.toml

Co-authored-by: Samirbous <64742097+Samirbous@users.noreply.github.com>

* Update rules_building_block/execution_potential_rce_via_toolshell.toml

Co-authored-by: Samirbous <64742097+Samirbous@users.noreply.github.com>

* fixed from and interval failures

* changed file name

---------

Co-authored-by: Mika Ayenson, PhD <Mikaayenson@users.noreply.github.com>
Co-authored-by: Jonhnathan <26856693+w0rk3r@users.noreply.github.com>
Co-authored-by: Samirbous <64742097+Samirbous@users.noreply.github.com>
2025-08-29 15:17:52 -04:00
..
etc
[New Rule] Toolshell Exploit Chain Detections (#4928)
2025-08-29 15:17:52 -04:00
schemas
[New Rules] External Promotion Alerts (#4903)
2025-07-31 11:00:50 -05:00
__init__.py
fix: type hinting fixes and additional code checks (#4790)
2025-07-01 08:20:55 -05:00
__main__.py
fix: type hinting fixes and additional code checks (#4790)
2025-07-01 08:20:55 -05:00
action_connector.py
fix: type hinting fixes and additional code checks (#4790)
2025-07-01 08:20:55 -05:00
action.py
fix: type hinting fixes and additional code checks (#4790)
2025-07-01 08:20:55 -05:00
attack.py
fix: type hinting fixes and additional code checks (#4790)
2025-07-01 08:20:55 -05:00
beats.py
[New Rules] External Promotion Alerts (#4903)
2025-07-31 11:00:50 -05:00
cli_utils.py
[FR] [DAC] Add existing mitre threat information on import (#4948)
2025-07-31 09:44:09 -05:00
config.py
fix: type hinting fixes and additional code checks (#4790)
2025-07-01 08:20:55 -05:00
custom_rules.py
fix: type hinting fixes and additional code checks (#4790)
2025-07-01 08:20:55 -05:00
custom_schemas.py
fix: type hinting fixes and additional code checks (#4790)
2025-07-01 08:20:55 -05:00
devtools.py
fix: type hinting fixes and additional code checks (#4790)
2025-07-01 08:20:55 -05:00
docs.py
fix: type hinting fixes and additional code checks (#4790)
2025-07-01 08:20:55 -05:00
ecs.py
fix: type hinting fixes and additional code checks (#4790)
2025-07-01 08:20:55 -05:00
endgame.py
fix: type hinting fixes and additional code checks (#4790)
2025-07-01 08:20:55 -05:00
eswrap.py
fix: type hinting fixes and additional code checks (#4790)
2025-07-01 08:20:55 -05:00
exception.py
fix: type hinting fixes and additional code checks (#4790)
2025-07-01 08:20:55 -05:00
generic_loader.py
fix: type hinting fixes and additional code checks (#4790)
2025-07-01 08:20:55 -05:00
ghwrap.py
fix: type hinting fixes and additional code checks (#4790)
2025-07-01 08:20:55 -05:00
integrations.py
Fix variable usage impacting schema build performance (#4910)
2025-07-15 21:20:30 +05:30
kbwrap.py
[Bug] [DAC] Custom Rules Filter Discrepancy on Stacks Upgraded to 8.18 (#4945)
2025-08-05 09:42:25 -04:00
main.py
[FR] [DAC] Add Arbitrary File location Support for Local Creation Date (#4915)
2025-07-31 14:35:00 -04:00
misc.py
fix: Better aligning prompt behaviour with jsonschema types (#4894)
2025-07-11 07:10:47 -05:00
mixins.py
fix: type hinting fixes and additional code checks (#4790)
2025-07-01 08:20:55 -05:00
ml.py
fix: type hinting fixes and additional code checks (#4790)
2025-07-01 08:20:55 -05:00
navigator.py
fix: type hinting fixes and additional code checks (#4790)
2025-07-01 08:20:55 -05:00
packaging.py
fix: type hinting fixes and additional code checks (#4790)
2025-07-01 08:20:55 -05:00
remote_validation.py
fix: type hinting fixes and additional code checks (#4790)
2025-07-01 08:20:55 -05:00
rule_formatter.py
[Bug] Rule Toml Write Formatting Wrongly Formats \\\\x (#4978)
2025-08-18 17:03:51 -04:00
rule_loader.py
fix: type hinting fixes and additional code checks (#4790)
2025-07-01 08:20:55 -05:00
rule_validators.py
[New Rules] External Promotion Alerts (#4903)
2025-07-31 11:00:50 -05:00
rule.py
fix: Allow different order of the metadata fields in ESQL queries (#4956)
2025-08-02 02:26:39 +02:00
utils.py
[Bug] [DAC] Custom Rules Filter Discrepancy on Stacks Upgraded to 8.18 (#4945)
2025-08-05 09:42:25 -04:00
version_lock.py
fix: type hinting fixes and additional code checks (#4790)
2025-07-01 08:20:55 -05:00